From 5928a0a9e4698475971455f381a84387a26adf58 Mon Sep 17 00:00:00 2001 From: user123 Date: Sat, 10 Jan 2026 23:46:26 +0800 Subject: [PATCH] Default Registry --- src/config.toml | 6 ++++++ src/config/config.go | 2 ++ src/handlers/docker.go | 41 +++++++++++++++++++++-------------------- 3 files changed, 29 insertions(+), 20 deletions(-) diff --git a/src/config.toml b/src/config.toml index 18e8c2d..984180a 100644 --- a/src/config.toml +++ b/src/config.toml @@ -83,6 +83,12 @@ authHost = "registry.k8s.io" authType = "anonymous" enabled = true +# Default Registry +[defaultRegistry] +upstream = "registry-1.docker.io" +authHost = "auth.docker.io" +enabled = true + [tokenCache] # 是否启用缓存(同时控制Token和Manifest缓存)显著提升性能 enabled = true diff --git a/src/config/config.go b/src/config/config.go index ceaf9de..bb44cdb 100644 --- a/src/config/config.go +++ b/src/config/config.go @@ -49,6 +49,8 @@ type AppConfig struct { } `toml:"download"` Registries map[string]RegistryMapping `toml:"registries"` + + DefaultRegistry RegistryMapping `toml:"defaultRegistry"` TokenCache struct { Enabled bool `toml:"enabled"` diff --git a/src/handlers/docker.go b/src/handlers/docker.go index eb89a35..b808e7f 100644 --- a/src/handlers/docker.go +++ b/src/handlers/docker.go @@ -5,6 +5,7 @@ import ( "fmt" "io" "net/http" + "regexp" "strings" "time" @@ -16,6 +17,8 @@ import ( "hubproxy/utils" ) +var realmRegex = regexp.MustCompile(`realm="(https?://)([^/"]+)(/?[^"]*)"`) + // DockerProxy Docker代理配置 type DockerProxy struct { registry name.Registry @@ -68,7 +71,13 @@ var registryDetector = &RegistryDetector{} // InitDockerProxy 初始化Docker代理 func InitDockerProxy() { - registry, err := name.NewRegistry("registry-1.docker.io") + cfg := config.GetConfig() + upstream := "registry-1.docker.io" + if cfg.DefaultRegistry.Upstream != "" { + upstream = cfg.DefaultRegistry.Upstream + } + + registry, err := name.NewRegistry(upstream) if err != nil { fmt.Printf("创建Docker registry失败: %v\n", err) return @@ -353,17 +362,21 @@ func (r *ResponseRecorder) Write(data []byte) (int, error) { } func proxyDockerAuthOriginal(c *gin.Context) { - var authURL string + cfg := config.GetConfig() + + authHost := "auth.docker.io" + if cfg.DefaultRegistry.AuthHost != "" { + authHost = cfg.DefaultRegistry.AuthHost + } + if targetDomain, exists := c.Get("target_registry_domain"); exists { if mapping, found := registryDetector.getRegistryMapping(targetDomain.(string)); found { - authURL = "https://" + mapping.AuthHost + c.Request.URL.Path - } else { - authURL = "https://auth.docker.io" + c.Request.URL.Path + authHost = mapping.AuthHost } - } else { - authURL = "https://auth.docker.io" + c.Request.URL.Path } + authURL := "https://" + authHost + c.Request.URL.Path + if c.Request.URL.RawQuery != "" { authURL += "?" + c.Request.URL.RawQuery } @@ -421,12 +434,7 @@ func proxyDockerAuthOriginal(c *gin.Context) { // rewriteAuthHeader 重写认证头 func rewriteAuthHeader(authHeader, proxyHost string) string { - authHeader = strings.ReplaceAll(authHeader, "https://auth.docker.io", "http://"+proxyHost) - authHeader = strings.ReplaceAll(authHeader, "https://ghcr.io", "http://"+proxyHost) - authHeader = strings.ReplaceAll(authHeader, "https://gcr.io", "http://"+proxyHost) - authHeader = strings.ReplaceAll(authHeader, "https://quay.io", "http://"+proxyHost) - - return authHeader + return realmRegex.ReplaceAllString(authHeader, fmt.Sprintf(`realm="http://%s$3"`, proxyHost)) } // handleMultiRegistryRequest 处理多Registry请求 @@ -605,12 +613,5 @@ func createUpstreamOptions(mapping config.RegistryMapping) []remote.Option { remote.WithTransport(utils.GetGlobalHTTPClient().Transport), } - // 预留将来不同Registry的差异化认证逻辑扩展点 - switch mapping.AuthType { - case "github": - case "google": - case "quay": - } - return options }